[Free] 2017(Apr) Ensurepass Testking Cisco 300-206 Latest Dumps 61-70

Ensurepass
2017 April Cisco Official New Released 300-206 Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/300-206.html

Implementing Cisco Edge Network Security Solutions

QUESTION 61

What is the default behavior of NAT control on Cisco ASA Software Version 8.3?

 

A.

NAT control has been deprecated on Cisco ASA Software Version 8.3.

B.

It will prevent traffic from traversing from one enclave to the next without proper access configuration.

C.

It will allow traffic to traverse from one enclave to the next without proper access configuration.

D.

It will deny all traffic.

 

Correct Answer: A

 

 

QUESTION 62

Which kind of Layer 2 attack targets the STP root bridge election process and allows an attacker to control the flow of traffic?

 

A.

man-in-the-middle

B.

denial of service

C.

distributed denial of service

D.

CAM overflow

 

Correct Answer: A

 

 

QUESTION 63

Refer to the exhibit. To protect Host A and Host B from communicating with each other, which type of PVLAN port should be used for each host?

 

clip_image001

 

A.

Host A on a promiscuous port and Host B on a community port

B.

Host A on a community port and Host B on a promiscuous port

C.

Host A on an isolated port and Host B on a promiscuous port

D.

Host A on a promiscuous port and Host B on a promiscuous port

E.

Host A on an isolated port and host B on an isolated port

F.

Host A on a community port and Host B on a community port

 

Correct Answer: E

 

 

QUESTION 64

Which two statements about Cisco IDS are true? (Choose two.)

 

A.

It is preferred for detection-only deployment.

B.

It is used for installations that require strong network-based protection and that include sensor tuning.

C.

It is used to boost sensor sensitivity at the expense of false positives.

D.

It is used to monitor critical systems and to avoid false positives that block traffic.

E.

It is used primarily to inspect egress traffic, to filter outgoing threats.

 

Correct Answer: AD

 

 

QUESTION 65

Which of the following would need to be created to configure an application-layer inspection of SMTP traffic operating on port 2525?

 

A.

A class-map that matches port 2525 and applying an inspect ESMTP policy-map for that class in the global inspection policy

B.

A policy-map that matches port 2525 and applying an inspect ESMTP class-map for that policy

C.

An access-list that matches on TCP port 2525 traffic and applying it on an interface with the inspect option

D.

A class-map that matches port 2525 and applying it on an access-list using the inspect option

 

Correct Answer: A

 

 

QUESTION 66

At which firewall severity level will debugs appear on a Cisco ASA?

 

A.

7

B.

6

C.

5

D.

4

 

Correct Answer: A

 

 

QUESTION 67

Which threat-detection feature is used to keep track of suspected attackers who create connections to too many hosts or ports?

 

A.

complex threat detection

B.

scanning threat detection

C.

basic threat detection

D.

advanced threat detection

 

Correct Answer: B

 

 

QUESTION 68

What are two reasons for implementing NIPS at enterprise Internet edges? (Choose two.)

 

A.

Internet edges typically have a lower volume of traffic and threats are easier to detect.

B.

Internet edges typically have a higher volume of traffic and threats are more difficult to detect.

C.

Internet edges provide connectivity to the Internet and other external networks.

D.

Internet edges are exposed to a larger array of threats.

E.

NIPS is more optimally designed for enterprise Internet edges than for internal network configurations.

 

Correct Answer: CD

 

 

QUESTION 69

Which function in the Cisco ADSM ACL Manager pane allows an administrator to search for a specfic element?

 

A.

Find

B.

Device Management

C.

Search

D.

Device Setup

 

Correct Answer: A

 

 

QUESTION 70

A network printer has a DHCP server service that cannot be disabled. How can a layer 2 switch be configured to prevent the printer from causing network issues?

 

A.

Remove the ip helper-address

B.

Configure a Port-ACL to block outbound TCP port 68

C.

Configure DHCP snooping

D.

Configure port-security

 

Correct Answer: C

100% Free Download!
—Download Free Demo:300-206 Demo PDF
100% Pass Guaranteed!
Download 2017 Ensurepass 300-206 Full Exam PDF and VCE Q&As:222
—Get 10% off your purchase! Copy it:8GTC-8UIE-M1SC [2017.04.01-2017.04.30]

Ensurepass ExamCollection Te
stking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF + VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Ensurepass IT Certification PDF and VCE

HOT EXAM!
Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com